Merge "Update test_server for conncurrent client auth"

2021-02-24 17:38:29 +00:00 · 2021-02-24 17:38:29 +00:00 · 02724da641
parent 8a9337945e b423a27108
commit 02724da641
2 changed files with 36 additions and 23 deletions
--- a/octavia_tempest_plugin/contrib/test_server/README.rst
+++ b/octavia_tempest_plugin/contrib/test_server/README.rst
@ -44,20 +44,24 @@ Example output:

  Usage of ./test_server.bin:
    -cert string
-          Server side PEM format certificate.
+          Server side PEM format certificate file path.
    -client_ca string
-          Client side PEM format CA certificate.
+          Client auth PEM format CA certificate file path.
    -https_port int
          HTTPS port to listen on, -1 is disabled. (default -1)
+    -https_client_auth_port int
+          HTTPS with client authentication port to listen on, -1 is disabled.
+          (default -1)
    -id string
          Server ID (default "1")
    -key string
-          Server side PEM format key.
+          Server side PEM format key file path.
    -port int
          Port to listen on (default 8080)

 If -https_port is not specified, the server will not accept HTTPS requests.
 When --https_port is specified, -cert and -key are required parameters.
-If -https_port is specified, the -client_ca parameter is optional. When
-client_ca is specified, it will configure the HTTPS port to require a valid
-client certificate to connect.
+
+If -https_client_auth_port is specified, the -client_ca parameter is required.
+When -client_ca is specified, it will configure the HTTPS client auth port to
+require a valid client certificate to connect.
--- a/octavia_tempest_plugin/contrib/test_server/test_server.go
+++ b/octavia_tempest_plugin/contrib/test_server/test_server.go
@ -236,11 +236,14 @@ func main() {
 	idPtr := flag.String("id", "1", "Server ID")
 	httpsPortPtr := flag.Int("https_port", -1,
 		"HTTPS port to listen on, -1 is disabled.")
+	httpsClientAuthPortPtr := flag.Int("https_client_auth_port", -1,
+		"HTTPS with client authentication port to listen on, -1 is disabled.")
 	serverCertPem := flag.String("cert", "",
-		"Server side PEM format certificate.")
-	serverKey := flag.String("key", "", "Server side PEM format key.")
+		"Server side PEM format certificate file path.")
+	serverKey := flag.String("key", "",
+        "Server side PEM format key file path.")
 	clientCaCertPem := flag.String("client_ca", "",
-		"Client side PEM format CA certificate.")
+		"Client auth PEM format CA certificate file path.")

 	flag.Parse()

@ -254,21 +257,27 @@ func main() {
 			fmt.Println("Error load server certificate and key.")
 			os.Exit(1)
 		}
-		certpool := x509.NewCertPool()
-		if *clientCaCertPem != "" {
-			caPem, err := ioutil.ReadFile(*clientCaCertPem)
-			if err != nil {
-				fmt.Println("Error load client side CA cert.")
-				os.Exit(1)
-			}
-			if !certpool.AppendCertsFromPEM(caPem) {
-				fmt.Println("Can't parse client side certificate authority")
-				os.Exit(1)
-			}
-		} else {
-			certpool = nil
+		go httpsServe(*httpsPortPtr, *idPtr, cert, nil,
+			*serverCertPem, *serverKey)
+	}
+
+	if *httpsClientAuthPortPtr > -1 {
+		cert, err := tls.LoadX509KeyPair(*serverCertPem, *serverKey)
+		if err != nil {
+			fmt.Println("Error load server certificate and key.\n")
+			os.Exit(1)
 		}
-		go httpsServe(*httpsPortPtr, *idPtr, cert, certpool,
+		certpool := x509.NewCertPool()
+		caPem, err := ioutil.ReadFile(*clientCaCertPem)
+		if err != nil {
+			fmt.Println("Error loading client auth CA cert.\n")
+			os.Exit(1)
+		}
+		if !certpool.AppendCertsFromPEM(caPem) {
+			fmt.Println("Can't parse client auth certificate authority")
+			os.Exit(1)
+		}
+		go httpsServe(*httpsClientAuthPortPtr, *idPtr, cert, certpool,
 			*serverCertPem, *serverKey)
 	}